<?php
/**
 * Script used to fetch a specific staff comment from an employee.
 */

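// Endpoint body: returns, as JSON, the logged-in employee's staff comment for
// the project given in POST field 'pid'. Prints nothing when no row matches.

// Start the session handling system
session_start();

// Connect to the database; db.php is expected to define $db
// (presumably a PDO handle, given the prepare()/fetch() calls below).
require_once("../../../db.php");

// Only allow this for employees. The comparison is strict so that a
// non-string session value can never loosely compare equal to 'employee'.
if (!isset($_SESSION['uid'], $_SESSION['type']) || $_SESSION['type'] !== 'employee') {
    die('Not logged in as an employee user');
}

// 'pid' comes straight from the request and is therefore untrusted. It was
// previously concatenated into the SQL text, which allowed SQL injection.
// Accept only a plain integer and reject everything else (missing, array, text).
$pid = isset($_POST['pid']) ? filter_var($_POST['pid'], FILTER_VALIDATE_INT) : false;
if ($pid === false) {
    http_response_code(400);
    die('Invalid project id');
}

// Select one comment for one project for the user. Both values are bound as
// parameters so they are never parsed as part of the SQL statement.
// NOTE(review): SELECT * sends every column of the row to the client; consider
// listing only the columns the caller needs.
$sql = 'SELECT * FROM staffcomments WHERE uid = ? AND projectid = ?';

$sth = $db->prepare($sql);
$sth->execute([$_SESSION['uid'], $pid]);
$row = $sth->fetch();

// Emit the row only when one was found; the "no comment" response stays empty.
if ($row) {
    echo json_encode($row);
}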

?>